Installer doesn't wipe the disk when installing on encrypted LVM
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
partman-auto-crypto (Ubuntu) |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
In Jaunty Beta, when installing using the encrypted LVM option, the disk partitioning step proceeds far too quickly.
A proper disk encryption setup should involve overwriting the whole disk with /dev/urandom. Otherwise, it's easy for an attacker to tell which parts of the disk were written to, and possibly deduce useful information from that.
Also, somebody who wants to encrypt their disk will almost certainly find the possibility of an attacker recovering pre-encryption data very undesirable.
If the time to do this is too long, a compromise would be the installer asking the user whether the disk should be cleared, defaulting to "Yes". This could be also useful for users who cleared the disk on their own before running the installer.
affects: | ubuntu → ubiquity (Ubuntu) |
Additional thing I noticed: The install CD doesn't ship the intel-rng and amd-rng kernel modules, which hugely accelerate the generation of random numbers on the computers that include the required hardware.
For best performance, the installer should try to load those modules before doing the disk wipe.